|
Why is removing command line access NOT an option? What does being at QSECURITY level 30 mean ? What type of Profile is the owner of the program (AMAPICS) ? User, SECOFR? etc >>> "Burns, Bryan" <burnsbm@echoincorporated.com> 01/26/01 03:06PM >>> Removing command line access is not an option. We are at QSECURITY level 30. Here are most profile attributes and a DSPPGM of the initial menu. User profile . . . . . . . . . . > JILLH User password . . . . . . . . . *SAME Set password to expired . . . . *NO Status . . . . . . . . . . . . . *ENABLED User class . . . . . . . . . . . *USER Assistance level . . . . . . . . *SYSVAL Current library . . . . . . . . *CRTDFT Initial program to call . . . . EX400C Library . . . . . . . . . . . ECALIB Initial menu . . . . . . . . . . *SIGNOFF Library . . . . . . . . . . . Limit capabilities . . . . . . . *PARTIAL Special authority . . . . . . . *NONE + for more values Special environment . . . . . . *NONE Display sign-on information . . *YES Password expiration interval . . *SYSVAL Limit device sessions . . . . . *NO Keyboard buffering . . . . . . . *SYSVAL Maximum allowed storage . . . . *NOMAX Highest schedule priority . . . 3 Job description . . . . . . . . QDFTJOBD Library . . . . . . . . . . . QGPL Group profile . . . . . . . . . *NONE Owner . . . . . . . . . . . . . *USRPRF Group authority . . . . . . . . *NONE Group authority type . . . . . . *PRIVATE Supplemental groups . . . . . . *NONE + for more values Accounting code . . . . . . . . *BLANK Document password . . . . . . . *SAME Message queue . . . . . . . . . JILLH Library . . . . . . . . . . . QUSRSYS Delivery . . . . . . . . . . . . *NOTIFY Severity code filter . . . . . . 0 Print device . . . . . . . . . . PRTP0 Output queue . . . . . . . . . . *WRKSTN Library . . . . . . . . . . . Attention program . . . . . . . *NONE Library . . . . . . . . . . . Program . . . . . . . : EX400C Library . . . . . . . : ECALIB Owner . . . . . . . . : AMAPICS Program attribute . . : CLP Program creation information: Program creation date/time . . . . . . . . . . . : 10/03/96 10:00:16 Type of program . . . . . . . . . . . . . . . . : OPM Source file . . . . . . . . . . . . . . . . . . : SOURCE Library . . . . . . . . . . . . . . . . . . . : ECALIB Source member . . . . . . . . . . . . . . . . . : EX400C Source file change date/time . . . . . . . . . . : 10/03/96 09:59:36 Observable information . . . . . . . . . . . . . : *ALL User profile . . . . . . . . . . . . . . . . . . : *OWNER Use adopted authority . . . . . . . . . . . . . : *YES Log commands (CL program) . . . . . . . . . . . : *JOB Allow RTVCLSRC (CL program) . . . . . . . . . . : *YES Fix decimal data . . . . . . . . . . . . . . . . : *NO Bryan Burns Echo, Inc. Lake Zurich, IL Burnsbm@echoincorporated.com -----Original Message----- From: fiona.fitzgerald@notes.royalsun.com [SMTP:fiona.fitzgerald@notes.royalsun.com] Sent: Friday, January 26, 2001 11:09 AM To: MIDRANGE-L@midrange.com Subject: Re: Changing user profiles without *SECADM; adding *SECADM without ev en having *SECADM Bryan, If the user doesn't need a command line, you could change their profile to LMTCPB(*YES), which will prevent them from invoking a command line. Might the initial object be owned by a profile with *SECADM authority ? They might be inheriting authority from it ? Do they have an initial pgm or an initial menu ? I'd like to see all the usrprf attributes. By the way, what security level are you at ? (DSPSYSVAL QSECURITY). Fiona Fitzgerald, Dublin Bryan Burns wrote: We have a user profile with special authority *NONE that can do a CHGUSRPRF and add *SECADM special authority to another profile. This is done from a command line on the initial menu. This initial menu has three options: EXECUTE OFFICE, EXECUTE MAPICS, and SIGN OFF. How is this possible? We are on V4R4 and at cume level CO252440. The profile in question has USER CLASS *USER, GROUP PROFILE *NONE, OWNER *USRPRFand LIMIT CAPABILITIES *PARTIAL. I think this may be due to adopted authority, but I am not a programmer and I have dug as far as I can into this. Can someone shed some light on this? +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.